Chrome webstore removes fake adblockers after researchers points them out

Google has removed five “ad-block” extensions from its webstore, after a researcher from the company Adgaurd found them to be fake. The five extensions together had 20 million users.

According to Andrey Meshkov, who studied the fake extensions, these malicious software simply copied code from real ad blockers and then added a few lines to them. Meshkov listed the fake ad blockers:

AdRemover for Google Chrome™ (10M+ users)

uBlock Plus (8M+ users)

Adblock Pro (2M+ users)

HD for YouTube™ (400K+ users)

Webutation (30K+ users)

Notably, even the least popular one has over 30,000 users. In this report, Meshkov also revealed some worrying details about AdRemover, which had over 10 million users. It hid malicious code inside a well-known javascript library (jQuery), which sent back information about some user activity, like websites they visited. The extension also received commands from its remote server, and these commands could change the browser behaviour in any way.

Google Chrome is a major driver of adblock growth in the world, and 20% of users discovered ad blocking by browsing through “available browser extensions”. The fake extensions used names and keywords such that they appeared on top of the search results. Many a times, that is enough for casual users to choose them. Meshkov cautioned users, saying if you want to install an extension, think twice. And when you absolutely need this extension, check who is the author of this extension. Do not install it if you don’t trust the author.

The availability of these software on Google Chrome webstore for an unknown amount of time, their presence at the top of search results and the millions of downloads point to a lax on the part of the company is checking for malicious extensions. Meshkov pointed out that the problem is not new. It’s been a while since different “authors” started spamming Chrome WebStore with lazy clones of popular ad blockers (with a few lines of their code on top of them). “The only way of fighting this stuff is to file a trademark violation abuse to Google, and it takes them a few days to take a clone down,” he added.